The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c493ac9c-67d1-48a9-be21-824b1a1d56c2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-08T17:35:31
Updated: 2021-11-08T17:35:31
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24835
JSON object: View
NVD Information
Status : Modified
Published: 2021-11-08T18:15:10.340
Modified: 2023-11-07T03:31:20.940
Link: CVE-2021-24835
JSON object: View
Redhat Information
No data.
CWE